Thank you, Anne, for that -- that kind
introduction and to all of you for attending. And more broadly, thank
you to the Chamber for your continued support of cyber security and the
things that we're doing.

Immediately, when that was released the
Chamber pulled together all its great members, as many people as they
could sort of round up from the government that knew anything about this
at that time, and working with some of the sponsors that very similar to
what we see today, and had one of the first cyber summits. And the room
was nowhere near as large. The attendance was nowhere near as great. And
I think the expertise and discussions were much more junior than what we
have today. So it's wonderful that -- that they continue to do that.

The other thing I want to reflect on
relative to the Chamber is the support they've given us for many of
the initiatives both in private sector and the government. And
specifically, I want to thank the -- the Chamber for when we released the
National Strategy for Trusted Identities in Cyberspace, or the NSTIC
-- the
huge outpouring that we had from private sector with the leadership of
the U.S. Chamber. I remember the three of us were up here at the
time from the White House and talked it -- Gene Sperling,1
[and] former
Ambassador to China, who is my former governor,
Gary Locke. And it was an
interesting day because it really, I think, put a mark in -- at least in
the D.C. area -- that many of these problems we're dealing with, many of the
things can be solved, but often times can be solved by private sector.

And it's interesting, when you put together all the pieces of this
-- you
look at the military, the law enforcement, the private sector, the Executive
Branch of the government, the congressional piece of it, which
may not move as fast as I think we all would like to see it -- at least we
have the same direction. We have the same function of saying, “Yes, we
really need to do something.”

On a personal note, a number of months
back [at] my home in Seattle, a pipe separated and flooded much of the
house. And I haven't been back in -- to be able to move back in. But in
doing so, my wife got one of her biggest wishes: to get rid of all that
stuff I've accumulated over the years -- all the binders, all the
briefings, all the -- the old hardware and drives and stuff that we had that
contained a lot of this stuff.

And in doing so, of course very
selectively, I found a report from 1998. It was a report by RAND
Corporation in joint with the Chamber and a lot of other organizations
looking at critical infrastructure protection, particularly looking at
it from a perspective of “How do we do this?” It was a clarion call, if you
would, for private-public partnerships. And it was very clear at the
time: the government give information to private sector, private sector
shared information with the government; and more importantly that the
private sector share information amongst themselves, particularly on
threats, vulnerabilities, and best practices.

Here we are almost 20 years later. We're
having the same discussion. We have to really refine the things that we're doing.

Now, I ideal a fair amount with financial services, international
energy companies, and I see on a day-to-day basis not just incremental
but great leaps moving forward on securing their systems. They're
working with the government task forces, you know, the -- the energy sector, the
-- the Capability Maturity Model that -- that we started a few years back. These
companies are not taking this lightly. There are certain things that
Anne suggested that we need the government to do. We need to good -- have good
legislation that protects the companies from sharing that information
because there's a lot of people out there, and particularly in...a lot of
the [Legal] Counsel offices [who say], "Well, we're not sure you can do this." Or,
"If you
share information with the government and some issue becomes of it and
litigation starts out of it, as you may be on the hook, you may not have
the same level of expertise to -- to fight the case for you, as you're going
to hire outside counsel. You're going to have to do these
things, and as a consequence, it's just not worth it.

But now some of
the boardrooms that I'm sitting in and some of the meetings I'm having
with some of the chairman --
Tom [Ridge]2
and I do on a regular basis -- the discussion has changed. It's not, “We can’t do it.”
It's, “How do we do it?” How do we make sure that we support what the
government’s efforts are with -- without inferring additional regulation on us.
Some of the sectors we work with are so heavily regulated, it's
difficult to actually do the things that they need to do. And that's
where we're working at now. And that's what I think all of you with
the Chamber and the sponsors here should be talking about today.

And then, in sort of closing, to -- to once
again thank the Executive Branch. When all the retail things that we've seen in the news recently about intrusions and breaches, and
-- and sort of
we're looking at this whole system that we operate. There was a lot
going on. There continues to be a lot going on. And I don’t know how many
else in the audience in the recent weeks got that little card in the
mail that says, by the way, just as "precaution," we're replacing your
credit card. Got mine the other day and had
PIN and chip
technology built in to it.

So, we're making progress. And when the
President called for a
secure buying for the
government, we in private sector are moving [in] that direction as well. No
longer are we going to be part of a system that depends on User ID and
passwords to do all the work that we need to do. It's
not easy. It's not cheap. But if we continue to admire the problem and
not put the pieces together that said, “Here's the strategies that we're looking at” from the government perspective, from the private sector
perspective, from the research and development community -- if we're not
taking those strategies and executing on them, next year we're going to
be having a discussion at this conference again about the things that we
should be doing.

The time for strategy and looking at the
problem is long gone. That 1998 report that I mentioned a few moment
ago, it could have been written yesterday. So we need to execute on the
plans that we have. We need to actually do the collaboration and figure
out ways to make it better. We're on a path to do that. I think
everyone in this room is committed to do that. I think the people from
the government are here to commit to that. And I think if we each to do
that, we each do our part to secure our part of cyberspace, then next
year when we have this meeting, it will be about all the things that we've been able to accomplish
-- not only to build a better security
but also to improve the business and economic environment globally;
because when it comes down to it, that's what keeps the machine running.

So with that, I thank you once again for
your attendance and in the -- in the Chamber I thank you for inviting us and I
look forward to the rest of the deliberations.

1 Mr. Sperling served as economic advisor to the
President. He played a pivotal role in negotiating the World Trade
Organization accord between the U.S. and China in 1999.

2 Referent of "Tom" is an
educated guess. Governor Tom Ridge and Howard Schmidt were cofounders of
and partners at the cybersecurity consulting firm Ridge-Schmidt
Cyber LLC(reconfigured as
Ridge
Global following Schmidt's passing).